Understanding the behaviors of BGP-based DDoS protection services

Abstract

Distributed Denial of Service attacks has been one of the most challenges faced by the Internet for decades. Recently, DDoS protection services (DPS) have risen up to mitigate large-scale DDoS attacks by diverting the vast malicious traffic against the victims to affordable networks. One common approach is to reroute the traffic through the change of BGP policies, which may cause abnormal BGP routing dynamics. However, little is known about such behaviors and the consequences. To fill this gap, in this paper, we conduct the first study on the behaviors of BGP-based DPS through two steps. First, we propose a machine learning based approach to identify DDoS events because there usually lacks data for characterizing real DDoS events. Second, We design a new algorithm to analyze the behavior of DPS against typical DDoS attacks. In the case study of real DDoS attacks, we carefully analyze the policies used to mitigate the attacks and obtain several meaningful findings. This research sheds light on the design of effective DDoS attack mitigation schemes.